package com.googlecode.bizyap.core;

import java.security.Principal;
import java.util.Set;

/**
 * it is advised to implement this interface to authenticate and authorize user...
 * if not, any AuthProvider must implement "authenticate" and "authorize" method signatures.
 * (in that case, java reflection will be used to invoke these methods.)
 *
 * When deploying web-app, this interface may not be (should not be !) bundled in your app's classpath.
 * And that will be more appropriate way. If you do, "authenticate" and "authorize" are still going to work correctly,
 * but instead of direct method call, they will be invoked via reflection.
 *
 * @author mehmet.dogan
 */

public interface SSOAuthProvider {

	Principal authenticate(String username, String domain);

	Set<Principal> authorize(Principal user);
}
